On Mon, Aug 25, 2003 at 02:27:41AM +0100, Steve Kemp wrote: > (Essentially apt-get + apt-cache for snort rules. Clearly packaging a > single rule file within one package is a gross misuse of resources but > it might be sufficient if they were signed and hosted somewhere > sensible..) Such a system as you describe would be fine, and should somehow be incorporated into the Debian release design (especially since snort is by no means the only package that would benefit) but it doesn't get you around the current issue, which is that there simply are no new rules being developed for woody's snort. I can think off-hand of at least one other security related tool that needs frequent updating of a ruleset: nessus. It is an active probing tool that scans a network for vulnerable systems. If it doesn't have a current set of rules, it may fail to identify vulnerable systems, leading to the same issues that snort has. noah
Attachment:
pgpueykU3O57U.pgp
Description: PGP signature